<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
 <head>
  <meta http-equiv="content-type" content="text/html; charset=UTF-8">
  <title>Safe Password Hashing</title>

 </head>
 <body><div class="manualnavbar" style="text-align: center;">
 <div class="prev" style="text-align: left; float: left;"><a href="faq.using.html">使用 PHP</a></div>
 <div class="next" style="text-align: right; float: right;"><a href="faq.html.html">PHP 和 HTML</a></div>
 <div class="up"><a href="faq.html">FAQ</a></div>
 <div class="home"><a href="index.html">PHP Manual</a></div>
</div><hr /><div id="faq.passwords" class="chapter">
  <h1>Safe Password Hashing</h1>

  
  
  <p class="para">
   This section explains the reasons behind using hashing functions
   to secure passwords, as well as how to do so effectively.
  </p>
  
  <div class="qandaset"><ol class="qandaset_questions"><li><a href="#faq.passwords.hashing">
     
      Why should I hash passwords supplied by users of my application?
     
    </a></li><li><a href="#faq.passwords.fasthash">
     
      Why are common hashing functions such as md5 and
      sha1 unsuitable for passwords?
     
    </a></li><li><a href="#faq.passwords.bestpractice">
     
      How should I hash my passwords, if the common hash functions are
      not suitable?
     
    </a></li><li><a href="#faq.passwords.salt">
     
      What is a salt?
     
    </a></li></ol></div>
   <dl class="qandaentry" id="faq.passwords.hashing">
    <dt><strong>
     
      Why should I hash passwords supplied by users of my application?
     
    </strong></dt>
    <dd class="answer">
     <p class="para">
      Password hashing is one of the most basic security considerations that
      must be made when designing any application that accepts passwords
      from users. Without hashing, any passwords that are stored in your
      application&#039;s database can be stolen if the database is compromised, and
      then immediately used to compromise not only your application, but also
      the accounts of your users on other services, if they do not use
      unique passwords.
     </p>
     <p class="para">
      By applying a hashing algorithm to your user&#039;s passwords before storing
      them in your database, you make it implausible for any attacker to
      determine the original password, while still being able to compare
      the resulting hash to the original password in the future.
     </p>
     <p class="para">
      It is important to note, however, that hashing passwords only protects
      them from being compromised in your data store, but does not necessarily
      protect them from being intercepted by malicious code injected into your
      application itself.
     </p>
    </dd>
   </dl>
   <dl class="qandaentry" id="faq.passwords.fasthash">
    <dt><strong>
     
      Why are common hashing functions such as <span class="function"><a href="function.md5.html" class="function">md5()</a></span> and
      <span class="function"><a href="function.sha1.html" class="function">sha1()</a></span> unsuitable for passwords?
     
    </strong></dt>
    <dd class="answer">
     <p class="para">
      Hashing algorithms such as MD5, SHA1 and SHA256 are designed to be
      very fast and efficient. With modern techniques and computer equipment,
      it has become trivial to &quot;brute force&quot; the output of these algorithms,
      in order to determine the original input.
     </p>
     <p class="para">
      Because of how quickly a modern computer can &quot;reverse&quot; these hashing
      algorithms, many security professionals strongly suggest against
      their use for password hashing.
     </p>
    </dd>
   </dl>
   <dl class="qandaentry" id="faq.passwords.bestpractice">
    <dt><strong>
     
      How should I hash my passwords, if the common hash functions are
      not suitable?
     
    </strong></dt>
    <dd class="answer">
     <p class="para">
      When hashing passwords, the two most important considerations are the
      computational expense, and the salt. The more computationally expensive
      the hashing algorithm, the longer it will take to brute force its
      output.
     </p>
     <p class="para">
      There are two functions that are bundled with PHP that can perform
      hashing using a specified algorithm. 
     </p>
     <p class="para">
      The first hashing function is <span class="function"><a href="function.crypt.html" class="function">crypt()</a></span>, which natively
      supports several hashing algorithms. When using this function,
      you are guaranteed that the algorithm you select is available, as PHP
      contains native implementations of each supported algorithm, in case
      one or more are not supported by your system.
     </p>
     <p class="para">
      The second hashing function is <span class="function"><a href="function.hash.html" class="function">hash()</a></span>, which supports
      many more algorithms and variants than <span class="function"><a href="function.crypt.html" class="function">crypt()</a></span>, but
      does not support some algorithms that <span class="function"><a href="function.crypt.html" class="function">crypt()</a></span> does.
      The Hash extension is bundled with PHP, but can be disabled during
      compile-time, so it is not guaranteed to be available, while
      <span class="function"><a href="function.crypt.html" class="function">crypt()</a></span> is, being in the PHP core.
     </p>
     <p class="para">
      The suggested algorithm to use when hashing passwords is Blowfish, as it
      is significantly more computationally expensive than MD5 or SHA1, while
      still being scalable.
     </p>
    </dd>
   </dl>
   <dl class="qandaentry" id="faq.passwords.salt">
    <dt><strong>
     
      What is a salt?
     
    </strong></dt>
    <dd class="answer">
     <p class="para">
      A cryptographic salt is data which is applied during the hashing process
      in order to eliminate the possibility of the output being looked up
      in a list of pre-calculated pairs of hashes and their input, known as
      a rainbow table.
     </p>
     <p class="para">
      In more simple terms, a salt is a bit of additional data which makes
      your hashes significantly more difficult to crack. There are a number of
      services online which provide extensive lists of pre-computed hashes, as
      well as the original input for those hashes. The use of a salt makes it
      implausible or impossible to find the resulting hash in one of these
      lists.
     </p>
    </dd>
   </dl>
  
  
 </div>
<hr /><div class="manualnavbar" style="text-align: center;">
 <div class="prev" style="text-align: left; float: left;"><a href="faq.using.html">使用 PHP</a></div>
 <div class="next" style="text-align: right; float: right;"><a href="faq.html.html">PHP 和 HTML</a></div>
 <div class="up"><a href="faq.html">FAQ</a></div>
 <div class="home"><a href="index.html">PHP Manual</a></div>
</div></body></html>
